summaryrefslogtreecommitdiff
path: root/doc/rfc/rfc5421.txt
diff options
context:
space:
mode:
Diffstat (limited to 'doc/rfc/rfc5421.txt')
-rw-r--r--doc/rfc/rfc5421.txt563
1 files changed, 563 insertions, 0 deletions
diff --git a/doc/rfc/rfc5421.txt b/doc/rfc/rfc5421.txt
new file mode 100644
index 0000000..dc51938
--- /dev/null
+++ b/doc/rfc/rfc5421.txt
@@ -0,0 +1,563 @@
+
+
+
+
+
+
+Network Working Group N. Cam-Winget
+Request for Comments: 5421 H. Zhou
+Category: Informational Cisco Systems
+ March 2009
+
+
+ Basic Password Exchange within the Flexible Authentication
+ via Secure Tunneling Extensible Authentication Protocol (EAP-FAST)
+
+Status of This Memo
+
+ This memo provides information for the Internet community. It does
+ not specify an Internet standard of any kind. Distribution of this
+ memo is unlimited.
+
+Copyright Notice
+
+ Copyright (c) 2009 IETF Trust and the persons identified as the
+ document authors. All rights reserved.
+
+ This document is subject to BCP 78 and the IETF Trust's Legal
+ Provisions Relating to IETF Documents in effect on the date of
+ publication of this document (http://trustee.ietf.org/license-info).
+ Please review these documents carefully, as they describe your rights
+ and restrictions with respect to this document.
+
+ This document may contain material from IETF Documents or IETF
+ Contributions published or made publicly available before November
+ 10, 2008. The person(s) controlling the copyright in some of this
+ material may not have granted the IETF Trust the right to allow
+ modifications of such material outside the IETF Standards Process.
+ Without obtaining an adequate license from the person(s) controlling
+ the copyright in such materials, this document may not be modified
+ outside the IETF Standards Process, and derivative works of it may
+ not be created outside the IETF Standards Process, except to format
+ it for publication as an RFC or to translate it into languages other
+ than English.
+
+IESG Note
+
+ EAP-FAST has been implemented by many vendors and it is used in the
+ Internet. Publication of this specification is intended to promote
+ interoperability by documenting current use of existing EAP methods
+ within EAP-FAST.
+
+ The EAP method EAP-FAST-GTC reuses the EAP type code assigned to EAP-
+ GTC (6). The reuse of previously assigned EAP Type Codes is
+ incompatible with EAP method negotiation as defined in RFC 3748.
+
+
+
+Cam-Winget & Zhou Informational [Page 1]
+
+RFC 5421 EAP-FAST with GTC March 2009
+
+
+ Since EAP-GTC does not support method-specific version negotiation,
+ the use of EAP-FAST-GTC is implied when used inside the EAP-FAST
+ tunnel during authentication. This behavior may cause problems in
+ implementations where the use of another vendor's EAP-GTC is
+ required. Since such support requires special case execution of a
+ method within a tunnel, it also complicates implementations that use
+ the same method code both within and outside of the tunnel method.
+ If EAP-FAST were to be designed today, these difficulties could be
+ avoided by utilization of unique EAP Type codes. Given these issues,
+ assigned method types must not be re-used with different meaning
+ inside tunneled methods in the future.
+
+Abstract
+
+ The Flexible Authentication via Secure Tunneling Extensible
+ Authentication Protocol (EAP-FAST) method enables secure
+ communication between a peer and a server by using Transport Layer
+ Security (TLS) to establish a mutually authenticated tunnel. Within
+ this tunnel, a basic password exchange, based on the Generic Token
+ Card method (EAP-GTC), may be executed to authenticate the peer.
+
+Table of Contents
+
+ 1. Introduction ....................................................2
+ 1.1. Specification Requirements .................................3
+ 2. EAP-FAST GTC Authentication .....................................3
+ 3. Security Considerations .........................................7
+ 3.1. Security Claims ............................................7
+ 4. IANA Considerations .............................................8
+ 5. Acknowledgments .................................................9
+ 6. References ......................................................9
+ 6.1. Normative References .......................................9
+ 6.2. Informative References .....................................9
+
+1. Introduction
+
+ EAP-FAST [RFC4851] is an EAP method that can be used to mutually
+ authenticate a peer and server. This document describes the EAP-FAST
+ inner EAP method, EAP-FAST-GTC, which is used to authenticate the
+ peer through a basic password exchange. EAP-FAST-GTC was developed
+ to support using cleartext passwords to authenticate to legacy user
+ databases, to facilitate password change, and to support one time
+ password features such as new pin mode. Message exchanges, including
+ user credentials, are cleartext strings transferred within the
+ encrypted TLS tunnel and thus are considered secure. For historical
+ reasons, EAP-FAST-GTC uses EAP Type 6, originally allocated to EAP-
+ GTC [RFC3748]. Note that EAP-FAST-GTC payloads used in EAP-FAST
+ require specific formatting and therefore will not necessarily be
+
+
+
+Cam-Winget & Zhou Informational [Page 2]
+
+RFC 5421 EAP-FAST with GTC March 2009
+
+
+ compatible with EAP-GTC mechanisms used outside of EAP-FAST. To
+ avoid interference between these two methods, EAP-FAST-GTC MUST NOT
+ be used outside an EAP-FAST tunnel, and EAP-GTC MUST NOT be used
+ inside an EAP-FAST tunnel. All EAP-FAST-GTC packets sent within the
+ TLS tunnel must be encapsulated in EAP Payload TLVs, described in
+ [RFC4851].
+
+ It is assumed that a reader of this document is familiar with EAP-
+ FAST [RFC4851].
+
+1.1. Specification Requirements
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in [RFC2119].
+
+2. EAP-FAST GTC Authentication
+
+ All EAP-FAST-GTC packets inside EAP-FAST other than the empty
+ acknowledgment packet MUST follow the "LABEL=Value" format. All
+ Labels are in ASCII text and SHALL NOT contain the space character.
+ Currently, three Labels are defined:
+
+ o "CHALLENGE", the server request packet MUST be in the form of
+ "CHALLENGE=Value", where Value is the server challenge, such as
+ "please enter your password".
+
+ o "RESPONSE", the peer response packet MUST be in the form of
+ "RESPONSE=Value", where Value is the peer response.
+
+ o "E", the server failure packet MUST be in the form of "E=Value",
+ where Value is the error message generated by the server.
+
+ If the peer or the server receives an EAP-FAST-GTC request or
+ response that is not in the format specified above, it SHOULD fail
+ the authentication by sending a Result TLV with a failure.
+
+ After the TLS encryption tunnel is established and EAP-FAST
+ Authentication phase 2 starts, the EAP server sends an EAP-FAST-GTC
+ Request, which contains a server challenge. The server challenge is
+ a displayable message for use by the peer to prompt the user.
+
+ A peer MAY prompt the user for the user credentials, or decide to use
+ the user credentials gained through some other means without
+ prompting the user. The peer sends the user credentials back in the
+ EAP-FAST-GTC Response using the following format:
+
+ "RESPONSE=user@example.com\0secret"
+
+
+
+Cam-Winget & Zhou Informational [Page 3]
+
+RFC 5421 EAP-FAST with GTC March 2009
+
+
+ where "user@example.com" is the actual username and "secret" is the
+ actual password. The NULL character "\0" is used to separate the
+ username and password.
+
+ The username and password are included in a single message in the
+ first response packet as an optimization by eliminating the inner
+ method EAP-Identity exchange to save an extra round trip.
+
+ Once the EAP-FAST server receives the user credentials, it SHOULD
+ first validate the user identity with the Initiator ID (I-ID)
+ [RFC5422] in the PAC-Opaque (Protected Access Credential) and if it
+ matches, it will continue to authenticate the user with internal or
+ external user databases.
+
+ Additional exchanges MAY occur between the EAP-FAST server and peer
+ to facilitate various user authentications. The EAP-FAST server
+ might send additional challenges to prompt the peer for additional
+ information, such as a request for the next token or a new pin in the
+ one time password case, or a server failure packet to indicate an
+ error. The peer displays the prompt to the user again and sends back
+ the needed information in an EAP-FAST-GTC Response. The exchange
+ ends when a Result TLV is received.
+
+ An EAP-FAST-GTC server implementation within EAP-FAST uses the
+ following format to indicate an error if an authentication fails:
+
+ "E=eeeeeeeeee R=r M=<msg>"
+
+ where:
+
+ The "eeeeeeeeee" is the ASCII representation of a decimal error code
+ corresponding to one of those listed below, though peer
+ implementations SHOULD deal with codes not on this list gracefully.
+
+ The error code need not be 10 digits long.
+
+ Below is a complete list of predefined error codes:
+
+ o 646 ERROR_RESTRICTED_LOGON_HOURS
+
+ Indicates that access is attempted outside the allowed hours.
+ Peer implementations SHOULD display the error message to the user
+ and ask the user to try at a later time.
+
+
+
+
+
+
+
+
+Cam-Winget & Zhou Informational [Page 4]
+
+RFC 5421 EAP-FAST with GTC March 2009
+
+
+ o 647 ERROR_ACCT_DISABLED
+
+ Indicates that the requested account is disabled. Peer
+ implementations SHOULD display the error message to the user,
+ which helps the user to resolve the issue with the administrator.
+
+ o 648 ERROR_PASSWD_EXPIRED
+
+ Indicates that the password has expired and a password change is
+ required. Peer implementations SHOULD prompt the user for a new
+ password and send back the new password in the peer response
+ packet.
+
+ o 649 ERROR_NO_DIALIN_PERMISSION
+
+ Indicates that access has been denied due to lack of dial-in
+ permission. Peer implementations SHOULD display the error message
+ to the user, which helps the user to resolve the issue with the
+ administrator.
+
+ o 691 ERROR_AUTHENTICATION_FAILURE
+
+ Indicates that there was authentication failure due to an
+ incorrect username or password. Based on the retry flag described
+ below, peer implementations MAY prompt the user again for a new
+ set of username and password or simply send back an empty
+ acknowledgment packet to acknowledge the failure and go into the
+ termination phase of the authentication session.
+
+ o 709 ERROR_CHANGING_PASSWORD
+
+ Indicates that the password change failed, most likely because the
+ new password fails to meet the password complexity policy. Peer
+ implementations SHOULD display the error message and prompt the
+ user again for the new password.
+
+ o 755 ERROR_PAC_I-ID_NO_MATCH
+
+ Indicates that the PAC used to establish the EAP-FAST session
+ cannot be used to authenticate to this user account. Based on the
+ retry flag described below, peer implementations MAY prompt the
+ user again for a new set of username and password or simply send
+ back an empty acknowledgment packet to acknowledge the failure and
+ go into the termination phase of the authentication session.
+
+ The "r" is a single character ASCII flag set to '1' if a retry is
+ allowed, and '0' if not. When the server sets this flag to '1', it
+ disables short timeouts, expecting the peer to prompt the user for
+
+
+
+Cam-Winget & Zhou Informational [Page 5]
+
+RFC 5421 EAP-FAST with GTC March 2009
+
+
+ new credentials and to resubmit the response. When the server sets
+ this flag to '0', the peer SHOULD NOT prompt the user for new
+ credentials to try again without restarting the EAP-FAST
+ authentication from the beginning.
+
+ The <msg> is human-readable ASCII text. Current implementations only
+ support ASCII text.
+
+ The server failure packet can be broken into Label/Value pairs using
+ the space character as the separator. The only value that may
+ contain the space character is the <msg> value, which is always the
+ last value pair in the failure packet. The peer SHOULD ignore any
+ unknown label/value pair in the failure packet.
+
+ The error format described above is similar to what is defined in the
+ Microsoft Challenge Handshake Authentication Protocol version 2
+ (MSCHAPv2) [RFC2759], except for the omission of a server challenge.
+ So if the EAP-FAST server is distributing MSCHAPv2 exchanges to the
+ backend inner method server, it can simply return what the backend
+ inner method server returns less the server challenge. In the case
+ of connecting to a one time password or Lightweight Directory Access
+ Protocol (LDAP) [RFC4511] server, the EAP-FAST server can translate
+ the error message into this format. With the addition of the retry
+ count, the peer can potentially prompt the user for new credentials
+ to try again without restarting the EAP-FAST authentication from the
+ beginning. The peer will respond to the error code with another EAP-
+ FAST-GTC Response packet with both the new username and password, or
+ in case of other unrecoverable failures, an empty EAP-FAST-GTC packet
+ for acknowledgement. The peer uses empty EAP-FAST-GTC payload as an
+ acknowledgment of the unrecoverable failure.
+
+ If the EAP-FAST server finishes authentication for the EAP-FAST-GTC
+ inner method, it will proceed to Protected Termination as described
+ in [RFC4851]. In the case of an unrecoverable EAP-FAST-GTC
+ authentication failure, the EAP server can send an EAP-FAST-GTC error
+ code as described above, along with the Result TLV for protected
+ termination. This way, no extra round trips will occur. The peer
+ can acknowledge the EAP-FAST-GTC failure as well as the Result TLV
+ within the same EAP-FAST packet. Once the server receives the
+ acknowledgement, the TLS tunnel will be torn down and a clear text
+ EAP-Failure will be sent.
+
+ The username and password, as well as server challenges, MAY support
+ non-ASCII characters. In this case, international username,
+ password, and messages are based on the use of Unicode characters,
+ encoded as UTF-8 [RFC3629] and processed with a certain algorithm to
+
+
+
+
+
+Cam-Winget & Zhou Informational [Page 6]
+
+RFC 5421 EAP-FAST with GTC March 2009
+
+
+ ensure a canonical representation. The username and password input
+ SHOULD be processed according to Section 2.4 of [RFC4282], and the
+ server challenges SHOULD be processed according to [RFC5198].
+
+ Since EAP-FAST-GTC does not generate session keys, the MSKi (Master
+ Session Key) used for crypto-binding for EAP-FAST will be filled with
+ all zeros.
+
+3. Security Considerations
+
+ The EAP-FAST-GTC method sends password information in the clear and
+ MUST NOT be used outside of a protected tunnel providing strong
+ protection, such as the one provided by EAP-FAST. Weak encryption,
+ such as 40-bit encryption or NULL cipher, MUST NOT be used. In
+ addition, the peer MUST authenticate the server before disclosing its
+ credentials. Since EAP-FAST Server-Unauthenticated Provisioning Mode
+ does not authenticate the server, EAP-FAST-GTC MUST NOT be used as
+ the inner method in this mode. EAP-FAST-GTC MAY be used in EAP-FAST
+ authentication and Server-Authenticated Provisioning Mode [RFC5422],
+ where the server is authenticated. Since EAP-FAST-GTC requires the
+ server to have access to the actual authentication secret, it is
+ RECOMMENDED to vary the stored authentication validation data by
+ domain so that a compromise of a server at one location does not
+ compromise others.
+
+3.1. Security Claims
+
+ This section provides the needed security claim requirement for EAP
+ [RFC3748].
+
+ Auth. mechanism: Password based.
+ Ciphersuite negotiation: No. However, such negotiation is provided
+ by EAP-FAST for the outer authentication.
+ Mutual authentication: No. However, EAP-FAST provides server-side
+ authentication.
+ Integrity protection: No. However, any method executed within the
+ EAP-FAST tunnel is protected.
+ Replay protection: See above.
+ Confidentiality: See above.
+ Key derivation: Keys are not generated, see Section 2.
+ However, when used inside EAP-FAST, the
+ outer method will provide keys. See
+ [RFC4851] for the properties of those keys.
+ Key strength: See above.
+ Dictionary attack prot.: No. However, when used inside the EAP-FAST
+ tunnel, the protection provided by the TLS
+ tunnel prevents an off-line dictionary
+ attack.
+
+
+
+Cam-Winget & Zhou Informational [Page 7]
+
+RFC 5421 EAP-FAST with GTC March 2009
+
+
+ Fast reconnect: No. However, EAP-FAST provides a fast
+ reconnect capability that allows the reuse
+ of an earlier session authenticated by EAP-
+ FAST-GTC.
+ Cryptographic binding: No. Given that no keys are generated, EAP-
+ FAST-GTC or its use within EAP-FAST cannot
+ provide a cryptographic assurance that no
+ binding attack has occurred. EAP-FAST-GTC
+ is required only to run within a protected
+ tunnel, but even the use of the same
+ credentials in some other, unprotected
+ context might lead to a vulnerability. As a
+ result, credentials used in EAP-FAST-GTC
+ SHOULD NOT be used in other unprotected
+ authentication mechanisms.
+ Session independence: No. However, EAP-FAST provides session
+ independence.
+ Fragmentation: No. However, EAP-FAST provides support for
+ this.
+ Key Hierarchy: Not applicable.
+ Channel binding: No, though EAP-FAST can be extended for
+ this.
+
+4. IANA Considerations
+
+ EAP-FAST-GTC uses the assigned value of 6 (EAP-GTC) for the EAP Type
+ in [RFC3748].
+
+ This document defines a registry for EAP-FAST-GTC error codes when
+ running inside EAP-FAST, named "EAP-FAST GTC Error Codes". It may be
+ assigned by Specification Required as defined in [RFC5226]. A
+ summary of the error codes defined so far is given below:
+
+ o 646 ERROR_RESTRICTED_LOGON_HOURS
+
+ o 647 ERROR_ACCT_DISABLED
+
+ o 648 ERROR_PASSWD_EXPIRED
+
+ o 649 ERROR_NO_DIALIN_PERMISSION
+
+ o 691 ERROR_AUTHENTICATION_FAILURE
+
+ o 709 ERROR_CHANGING_PASSWORD
+
+ o 755 ERROR_PAC_I-ID_NO_MATCH
+
+
+
+
+
+Cam-Winget & Zhou Informational [Page 8]
+
+RFC 5421 EAP-FAST with GTC March 2009
+
+
+ No IANA registry will be created for Labels, as current
+ implementations only support the Labels defined in this document and
+ new Labels are not expected; if necessary, new Labels can be defined
+ in documents updating this document.
+
+5. Acknowledgments
+
+ The authors would like thank Joe Salowey and Amir Naftali for their
+ contributions of the problem space, and Jouni Malinen, Pasi Eronen,
+ Jari Arkko, and Chris Newman for reviewing this document.
+
+6. References
+
+6.1. Normative References
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14, RFC 2119, March 1997.
+
+ [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO
+ 10646", STD 63, RFC 3629, November 2003.
+
+ [RFC3748] Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., and H.
+ Levkowetz, "Extensible Authentication Protocol (EAP)",
+ RFC 3748, June 2004.
+
+ [RFC4282] Aboba, B., Beadles, M., Arkko, J., and P. Eronen, "The
+ Network Access Identifier", RFC 4282, December 2005.
+
+ [RFC4851] Cam-Winget, N., McGrew, D., Salowey, J., and H. Zhou, "The
+ Flexible Authentication via Secure Tunneling Extensible
+ Authentication Protocol Method (EAP-FAST)", RFC 4851,
+ May 2007.
+
+ [RFC5198] Klensin, J. and M. Padlipsky, "Unicode Format for Network
+ Interchange", RFC 5198, March 2008.
+
+ [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an
+ IANA Considerations Section in RFCs", BCP 26, RFC 5226,
+ May 2008.
+
+6.2. Informative References
+
+ [RFC2759] Zorn, G., "Microsoft PPP CHAP Extensions, Version 2",
+ RFC 2759, January 2000.
+
+ [RFC4511] Sermersheim, J., "Lightweight Directory Access Protocol
+ (LDAP): The Protocol", RFC 4511, June 2006.
+
+
+
+
+Cam-Winget & Zhou Informational [Page 9]
+
+RFC 5421 EAP-FAST with GTC March 2009
+
+
+ [RFC5422] Cam-Winget, N., McGrew, D., Salowey, J., and H. Zhou,
+ "Dynamic Provisioning Using Flexible Authentication via
+ Secure Tunneling Extensible Authentication Protocol (EAP-
+ FAST)", RFC 5422, March 2009.
+
+Authors' Addresses
+
+ Nancy Cam-Winget
+ Cisco Systems
+ 3625 Cisco Way
+ San Jose, CA 95134
+ US
+
+ EMail: ncamwing@cisco.com
+
+
+ Hao Zhou
+ Cisco Systems
+ 4125 Highlander Parkway
+ Richfield, OH 44286
+ US
+
+ EMail: hzhou@cisco.com
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Cam-Winget & Zhou Informational [Page 10]
+